Openbridge does not employ bots, web, data, or screen scraping technologies for data pipeline automation. Openbridge only employs approved, official APIs provided to create scalable, secure, and compliant data pipelines. Employing bots, web, data, or screen scraping technologies would be a violation of the terms, AUPs, and DPPs set forth by companies like Amazon, Google, and Facebook. The use of these technologies can put customer accounts at risk of suspension or termination.
Official, Certified Developer Programs & APIs
Participation in formal, certified developer programs from companies like Amazon, Google, and Facebook is critical for transparency, consistency, and security.
Openbridge invests significant time and energy in working through official developer programs established by Amazon, Facebook, Google, Stripe, and many others. Companies require developers that participate in programs to undertake rigorous audits, reviews, and compliance monitoring to be approved as a user of their systems.
For example, here is what Amazon requires of us:
Developers must maintain all appropriate books and records reasonably required to verify compliance with Amazon Developer Services Agreement, Data Protection Policy (DPP), and Acceptable Use Policies (AUP) during the period of this agreement and for 12 months after that. Upon Amazon's written request, Developers must certify in writing that they comply with these policies.
As a data custodian for Marketplace sellers, Amazon rightly demands developers meet API usage and security standards.
We take our developer and partner commitments seriously, which means adhering closely to appliable data protection and acceptable use policies for each API we leverage on our customer's behalf.
How To Check If A Developer Is Using Bots?
Developers will often not reveal they are using bots to extract data and if they do, they will describe a bot in fanciful terminology like "robotic process automation". These are your first clues they are not using official, certified APIs.
Most bots emulate the behavior of a user and a browser. If someone is asking you to register a new user email address in your account, they are using a bot to access your data. For example, in the first step they will ask that you add an email address for the company to your account:
Once this email is added to your account as a new user, they use this email address to manually AND programmatically log into your account. If your account is using enhanced security via multi-factor authentication, the developer may ask you to disable or bypass those security controls.
To illustrate the point further, we detailed an Amazon use below.
Use Case: Amazon
In general, there are two software development approaches to working with Amazon; the "front door" and the "back door."
The "Front Door": Approved Amazon Developer
The "front door" reflects developers who leverage official Amazon APIs and formally participate in their developer program(s).
Openbridge, as an approved Amazon developer, is bound to comply with all applicable program terms;
Amazon Advertising Partner Network Terms & Conditions
Compliance includes testing, audits, security, legal, and governance policies that cover the collection, storage, use, transmission, and deletion of data.
These policies and agreements explicitly define how Openbridge, as a developer, can get data from Amazon through its APIs. While this is a significant investment of time and energy for us, it reflects a commitment to Amazon and our customers to meet shared standards and best practices.
The "Back Door": Bypassing Offical Amazon Programs And Systems
On occasion, we have had prospective customers ask us to develop "back door" Amazon data services. We politely decline as it does not align philosophically with our mission and would be a clear violation of our Amazon developer DPP and AUP.
However, there are commercial developers operating outside official Amazon developer channels. These developers offer "back door" Amazon data services.
What exactly is a "back door" data service? These are applications designed to collect data by bypassing or circumventing official Amazon APIs. An example of a back door data service is the web, data, or screen scraper. Scraper applications will mimick a person using a browser to scrape data from web pages, download files, or perform a task.
With Amazon, a developer will request user credentials so the scraper application can pretend to be a user and log into a Seller Central account. The developer's screen scraping application will log in to a Seller Central account, collect data, and store it somewhere. The screen scraped data will often be reports, which include Amazon-restricted PII data. These scraper apps will often require a seller to turn off account security features to enable access. For example, these apps will require turning off two-factor verification on Seller Central as it can cause their screen scrapers to break.
The Risks Of Bypassing Official, Approved Amazon Developer Programs
So what's the issue with back door data services? Since a scraping application mimics the behavior of a person using a website, they operate outside Amazon's terms of service:
Amazon expressly states that granting user authorizations to Amazon Portals to manually or programmatically circumvent Amazon policies for data access is a violation of AUP. As a result, if detected by Amazon, your Seller Central or Vendor Central account can be suspended or terminated.
Amazon Advertising prohibits developers from requesting credentials for Amazon Advertising interfaces and services (e.g., log-in credentials for the Advertising Console) for use in their applications. They state "Never ask for or accept an Amazon Advertising Participant’s access credentials for any purpose" which is exactly what the back door developers are doing.
Unlike Amazon-approved developer applications, there is no formal review by Amazon of security controls for the receipt, storage, usage, transfer, and storage of your data. These developers avoid the audit, review, and authorization process required of approved Amazon developers.
If a developer claims they do not need to leverage official data access APIs, they are deliberately choosing an unapproved data access pattern they know Amazon would not accept.
If you are using back door services for data access, Amazon can suspend or terminate the offending seller or vendor account. Is it worth the risk?
The Openbridge philosophy is to adhere to developer program requirements set forth by Amazon, Facebook, Google, or others, for data governance, security, transit, or storage requirements.
Our commitment is to align our efforts so we comply with the terms of any developer program services agreements we participate in. This includes partnering with program owners (Amazon, Google, Facebook, and others) as we complete applicable testing, review, refactoring, and monitoring set forth in their program terms.
Establishing long-term relationships with developer programs not only ensures compliance but also allows us to be an advocate on our customer's behalf. Our program participation provides direct access to troubleshooting, feature requests, enhancements, performance, and roadmaps to give our customers a voice in the technical evolution of these systems.